[Swan] pfkey_x_kmprivate_build() oddity?
D. Hugh Redelmeier
hugh at mimosa.com
Fri Feb 15 08:00:03 EET 2013
Coverity Scan highlights this:
	struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)*pfkey_ext;

	/* sanity checks... */
	if(pfkey_x_kmprivate) {
		DEBUGGING(PF_KEY_DEBUG_BUILD,
			"pfkey_x_kmprivate_build: "
			"why is pfkey_x_kmprivate already pointing to something?\n");
		SENDERR(EINVAL);
	}

	pfkey_x_kmprivate->sadb_x_kmprivate_reserved = 0;
At the point of the sanity check:
- if pfkey_x_kmprivate is non-NULL, we complain and exit (SENDERR).
- if it is not, we immediately dereference it, a NULL pointer.
What's up with this?
Has this code ever worked? (Of course I might be confused at 1 AM.)
Test case?
Blame says
Michael Richardson 2005-11-02 13:10:32
but this might well have been a mass-import from some other repo.
There are no more recent fingerprints nearby.
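
An added example, not part of the original post and not the project's code: a builder that keeps the "slot must be empty on entry" check quoted above but obtains storage before the first write, so the path that passes the check no longer dereferences NULL. The names demo_ext and demo_ext_build, the struct layout and the negative-errno return convention are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for an extension header; NOT struct sadb_x_kmprivate. */
struct demo_ext {
	unsigned short len;      /* length in 64-bit words, as PF_KEY headers count it */
	unsigned short type;
	unsigned int   reserved;
};

/* Build an extension into *slot. Returns 0, or a negative errno on failure. */
int demo_ext_build(struct demo_ext **slot, unsigned short type)
{
	struct demo_ext *ext;

	if (slot == NULL)
		return -EINVAL;

	/* Same sanity check as in the post: the caller must hand in an empty slot. */
	if (*slot != NULL)
		return -EINVAL;

	/* Past the check *slot is known to be NULL, so storage has to be
	 * obtained here, before any field is written. */
	ext = calloc(1, sizeof(*ext));
	if (ext == NULL)
		return -ENOMEM;

	ext->len = (unsigned short)(sizeof(*ext) / 8);
	ext->type = type;
	ext->reserved = 0;

	*slot = ext;             /* publish only after full initialisation */
	return 0;
}

int main(void)
{
	struct demo_ext *e = NULL;
	int first = demo_ext_build(&e, 7);   /* empty slot: succeeds */
	int second = demo_ext_build(&e, 7);  /* slot already filled: rejected */

	printf("first=%d second=%d\n", first, second);
	free(e);
	return 0;
}
```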